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WE CLAIM: 

1 . A method of processing a first data packet transmitted over a network from a 
source to a first recipient, said first data packet comprising a header layer and an 
application data layer, said method comprising: 

(a) capturing said first data packet from said network prior to its 
reception by said first recipient; 

(b) analyzing said header layer of said first data packet according to a 
first rule; 

(c) examining, selectively, a dynamically specified portion of said 
application data layer of said first data packet according to a second rule; 

(d) determining a first action to be taken on said first data packet 
according to a third rule; and 

(e) performing said first action on said first data packet. 

2. The method of Claim 1, wherein said first recipient transmits a second data packet 
over said network to said source in response to receipt of said first data packet, 
said first action comprising at least storing information about said first data packet, 
said method further comprising: 

(a) capturing said second data packet from said network prior to its 
reception by said source; 

(b) analyzing a header layer of said second data packet according to a 
fourth rule; 

(c) examining, selectively, a dynamically specified portion of said 
application data layer of said second data packet according to a fifth rule; 

(d) determining a second action to be taken on said second data packet 
according to a sixth rule; and 

(e) performing said second action on said second data packet; and 
wherein at least one of said fourth, fifth and sixth rules is based on said 

stored information. 
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3. The method of Claim 1, wherein said capturing further comprises intercepting said 
first data packet prior to receipt by a network router. 

4. The method of Claim 1, wherein said capturing is performed by a packet 
interceptor, said method further comprising: 

(f) allowing redefinition of said first, second and third rules by an 
entity external to said packet interceptor. 

5. The method of Claim 4, wherein said allowing further comprises allowing 
dynamic redefinition. 

6. The method of Claim 1, further comprising: 

(f) redefining, remotely, said first, second and third rules. 

7. The method of Claim 1, wherein said second and third rules are based at least in 
part on said analysis of said header. 

8. The method of Claim 1, wherein said analyzing further comprises determining a 
first result of said first rule, said examining further comprises determining a 
second result of said second rule, said determining further comprising determining 
said first action to be taken on said first data packet according to said first and 
second results. 

9. The method of Claim 1, wherein further comprising predefining said first, second 
and third rules. 

10. The method of Claim 1, wherein said analyzing further comprises no analysis of 
said header layer according to said first rule. 

1 1 . The method of Claim 1 , wherein said examining further comprises no examination 
of said application data layer according to said second rule. 

12. The method of Claim 1 , wherein said header layer further comprises a network 
address, said analyzing further comprises analyzing said network address 
according to said first rule. 
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13. The method of Claim 12, wherein said first rule comprises determining whether 
said network address matches a pre-defined criteria. 

14. The method of Claim 1, wherein said header layer further comprises a network 
address and said network address comprises a transport control port address. 

15. The method of Claim 1 , wherein said header layer further comprises a network 
address and said network address comprises an internet protocol address. 

16. The method of Claim 1, wherein said header layer further comprises a network 
address and said network address comprises a media access control address. 

17. The method of Claim 1, wherein said application data layer comprises application 
data generated by said source. 

18. The method of Claim 17, wherein said application data comprises a uniform 
resource locator and further wherein said second rule comprises determining 
whether said uniform resource locator matches a pre-defined criteria. 

19. The method of Claim 1, wherein said capturing further comprises capturing by a 
packet interceptor, said first action comprises: 

forwarding said first data packet to an entity external to said packet 
interceptor, said external entity being different from said first recipient. 

20. The method of Claim 1, wherein said first action comprises: 

releasing said first data packet to said network. 

21. The method of Claim 1, wherein said capturing is performed by a packet 
interceptor, said first action comprises: 

copying said first data packet to a second data packet; and 
forwarding said second data packet to an entity external to said packet 
interceptor, said external entity being different from said first recipient. 
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22. The method of Claim 21, wherein said first action further comprises: 

receiving a command from said external entity dictating a second action be 
taken on said first data packet. 

23. The method of Claim 22, wherein said second action comprises deleting said first 
data packet. 

24. The method of Claim 22, wherein said second action comprises releasing said first 
data packet to said network. 

25. The method of Claim 21, wherein said first action further comprises: 

releasing said first data packet to said network. 

26. The method of Claim 1, wherein said first action comprises: 

modifying said first data packet; and 

releasing said modified first data packet to said network. 

27. The method of Claim 26, wherein said modifying further includes: 

modifying at least a portion of said header layer. 

28. The method of Claim 26, wherein said modifying further includes: 

modifying at least a portion of said application data layer. 

29. The method of Claim 1, wherein said first action comprises: 

transmitting a response to said source based on said first data packet 
according to a fourth rule. 

30. The method of Claim 29, wherein said first action further comprises configuring 
said response to appear to originate from said first recipient. 

3 1 . The method of Claim 1 , wherein said capturing is performed by a packet 
interceptor, said packet interceptor comprising a plurality of rule sets and wherein 
a first rule set of said plurality of rule sets comprises said first, second and third 
rules and said first action, said method further comprising: 
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(f) determining which of said plurality of rule sets to apply to said first 
data packet. 

32. The method of Claim 1, wherein said capturing is performed by a packet 
interceptor, said method further comprising: 

(f) facilitating performing (a), (b), (c), (d) and (e) non-invasively with 
respect to said network for a plurality of entities external to said packet 
interceptor. 

33. The method of Claim 1, said method further comprising performing (a), (b), (c), 
(d) and (e) by a router. 

34. The method of Claim 1, wherein said capturing is performed by a packet 
interceptor, said method further comprising: 

(f) receiving a second data packet from an entity external to said packet 
interceptor, said second data packet directed to said packet interceptor; and 

(g) introducing said second data packet into said network. 

35. The method of Claim 1 5 wherein said network is characterized by a wire speed, 
said method further comprising performing (a)-(e) at least at said wire speed. 

36. The method of Claim 1, wherein said first data packet is characterized seven Open 
Systems Interconnection ("OSP) defined layers, said dynamically specified 
portion comprising any at least one of said seven layers. 

37. The method of Claim 1, wherein said network comprises an optical network. 

38. The method of Claim 1, wherein said network comprises an electrical network. 

39. The method of Claim 1, wherein (b) further comprises determining a first result of 
said first rule and (c) further comprises determining a second result of said rule, 
said method further comprising: 

(f) storing said first and second results; 

(g) capturing a second data packet from said network prior to its 
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reception by said first recipient; 

(h) analyzing said header layer of said second data packet according to 
said first rule and at least one of said stored first and second results; 

(i) examining, selectively, a dynamically specified portion of said 
application data layer of said second data packet according to a second rule and at 
least one of said stored first and second results; 

(j) determining a second action to be taken on said second data packet 
according to said third rule; and 

(k) performing said second action on said second data packet. 

40. The method of Claim 1, further comprising performing (a)-(e) invisibly to at least 
one of said source and said first recipient. 

41. A method of processing a first data packet directed to a first recipient over a 
network, said first data packet comprising header data and application data, said 
method comprising: 

(a) intercepting said first data packet prior to receipt by said first 
recipient; 

(b) capturing said first data packet in a buffer; 

(c) analyzing, selectively, said header data according to a first rule; 

(d) analyzing, selectively, a dynamically specified portion of said 
application data according to a second rule; 

(e) copying, selectively, said first data packet and forwarding, 
selectively, said copied first data packet to a second recipient different from said 
first recipient according to a third rule; 

(f) releasing, selectively, said first data packet back to said network 
according to a fourth rule; 

(g) modifying, selectively, said first data packet and releasing, 
selectively, said modified first data packet back to said network according to a 
fifth rule; 

(h) deleting, selectively, said first data packet from said buffer 
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according to a sixth rule; and 

(i) storing, selectively, information about said first data packet 
according to a seventh rule. 

The method of Claim 41, further comprising: 

(j) receiving a second data packet from said second recipient and 
introducing said second data packet into said network. 

The method of Claim 41 , further comprising: 

(j) redefining said first, second, third, fourth, fifth, sixth and seventh 
rules by said second recipient. 

The method of Claim 41, further comprising: 

(j) performing (e) and (f) as a compound operation. 

The method of Claim 41, further comprising: 

(j) performing (e) and (g) as a compound operation. 

The method of Claim 41, further comprising: 

(j) performing (e) and (h) as a compound operation. 

The method of Claim 41, further comprising: 

(j) performing (g) and (h) as a compound operation. 

The method of Claim 41, further comprising: 

(j) generating a second data packet directed to said source in response 
to said first data packet according to a eighth rule. 

The method of Claim 41, further comprising performing (e), (f), (g) and (h) in 
response to a command from said second recipient. 

An apparatus for processing a first packet transmitted over a network from a 
source to a first destination, said first packet comprising a header layer and an 
application data layer, said apparatus comprising: 

a network interface operative to receive said first packet from said source; 
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a routing processor coupled with said network interface and operative to 
receive said first packet from said network interface and convey said first packet 
to said first destination; and 

a packet processor coupled with said network interface and said routing 
processor, said packet processor comprising: 

a packet analyzer operative to analyze said header layer according 
to a first rule and selectively analyze a dynamically specified portion of said 
application data layer according to a second rule; and 

a packet redirector coupled with said packet analyzer and said 
routing processor and operative to selectively perform an action on said first 
packet according to a third rule prior to said conveyance by said routing processor. 

5 1 . The apparatus of Claim 50, wherein said packet processor further comprises a 
packet interceptor operative to buffer said first packet for analysis by said packet 
analyzer. 

52. The apparatus of Claim 50, wherein said packet processor is further coupled 
between said network interface and said routing processor. 

53 . The apparatus of Claim 5 1 , wherein said packet processor intercepts said first 
packet prior to receipt by said routing processor. 

54. The apparatus of Claim 50, wherein said packet processor further comprises an 
external device interface for communicating with a device external to said 
apparatus. 

55. The apparatus of Claim 54, wherein said first, second and third rules are capable 
of being redefined via said external device interface. 

56. The apparatus of Claim 54, wherein said action further comprises forwarding said 
first packet to said device. 
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57. The apparatus of Claim 54, wherein said action further comprises creating a copy 
of said first packet, storing said first packet in a buffer and forwarding said copy to 
said device. 

58. The apparatus of Claim 57, wherein said action further comprises deleting said 
first packet in response to a command received from said device. 

59. The apparatus of Claim 57, wherein said action further comprises releasing said 
first packet to said routing processor in response to a command received from said 
device. 

60. The apparatus of Claim 54, wherein said action further comprises receiving a 
second packet from said external device and releasing said second packet to said 
routing processor. 

61. The apparatus of Claim 50, wherein said action further comprises releasing said 
first packet to said routing processor. 

62. The apparatus of Claim 50, wherein said action further comprises storing 
information about said first packet for use in analyzing a second packet 
transmitted from said first destination to said source over said network. 

63. The apparatus of Claim 50, wherein said action further comprises modifying said 
first packet and releasing said modified packet to said routing processor. 

64. The apparatus of Claim 50, wherein said action further comprises transmitting a 
second packet to said source in response to said first packet. 

65. The apparatus of Claim 50, wherein said network is characterized by an operating 
speed, said apparatus operative to operate at least as fast as said operating speed. 

66. The apparatus of Claim 50, wherein said network comprises an optical network, 
said network interface being further operative to couple with said optical network. 
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67. The apparatus of Claim 50, wherein said first, second and third rules are operative 
to factor in past analysis of prior received packets. 

68. The apparatus of Claim 50, wherein one of said source and said first destination is 
unaware of said apparatus. 

69. The apparatus of Claim 50, is logically invisible to said network. 

70. The apparatus of Claim 50, wherein said apparatus is selectively visible to at least 
one of said source and said first destination. 

71 . The apparatus of Claim 70, wherein said apparatus is selectively network 
addressable. 

72. An adapter for a router comprising: 

a router interface operative to couple said adapter with said router; 

a packet processor coupled with said router interface and operative to 
intercept a first packet prior to receipt by said router, said packet processor further 
comprising: 

a buffer operative to receive and store said first packet for 

processing; 

first logic coupled with said buffer, said first logic operative to 
apply a first function to a header layer of said first packet and produce a first 
result; 

second logic coupled with said buffer, said second logic operative to 
apply a second function to a dynamically specified portion of said application data 
layer of said first packet and produce a second result; and 

third logic coupled with said buffer and said first and second logic, 
said third logic operative to perform an operation on said first packet using a third 
function and said first and second results. 

73. The adapter of Claim 72, wherein said first, second and third logic are capable of 
being dynamically redefined. 
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The adapter of Claim 72, wherein said second logic is further coupled with said 
first logic and further comprises an input for receiving said first result. 

The adapter of Claim 72, further comprising an external device interface operative 
to interconnect one or more devices to said packet processor, said devices being 
external to said router and said adapter. 

The adapter of Claim 75, wherein said packet processor is further operative to 
non-invasively interconnect said one or more devices to said network. 

The adapter of Claim 75, wherein said packet processor is further operative to 
receive one or more commands from said one or more devices and wherein said 
first, second and third logic are further operative to respond to said one or more 
commands. 

The adapter of Claim 75, wherein said third function comprises forwarding said 
first packet from said buffer to a first of said one or more devices based on said 
first and second results. 

The adapter of Claim 75, wherein said third function comprises forwarding a copy 
of said first packet to a first of said one or more devices and retaining said first 
packet in said buffer based on said first and second results. 

The adapter of Claim 79, wherein said third function further comprises forwarding 
said first packet from said buffer to said router in response to a command received 
from said first of said one or more devices. 

The adapter of Claim 79, wherein said third function further comprises purging 
said first packet from said buffer in response to a command received from said 
first of said one or more devices. 

The adapter of Claim 75, wherein said packet processor is further operative to 
receive a second packet from a first of said one or more devices and forward said 
second packet to said router. 
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83. The adapter of Claim 72, wherein said first function comprises a comparison 
function. 

84. The adapter of Claim 72, wherein said second function comprises a comparison 
function. 

85. The adapter of Claim 72, wherein said third function comprises forwarding said 
first packet from said buffer to said router based on said first and second results. 

86. The adapter of Claim 72, wherein said third function comprises modifying said 
first packet in said buffer and forwarding said modified packet from said buffer to 
said router based on said first and second results. 

87. The adapter of Claim 72, wherein said first packet comprises a packet transmitted 
from a source to a destination over a network, said third function comprises 
storing information about said first packet for subsequent processing by said 
adapter of a second packet transmitted from said destination to said source over 
said network. 

88. The adapter of Claim 72, wherein said third function comprises generating a 
response packet to said first packet and forwarding said response packet to said 
router based on said first and second results. 

89. The adapter of Claim 72, further comprising fourth logic coupled with said first, 
second and third logic, and operative to store state information related to said first 
and second results and said operation, said first, second and third logic being 
further operative to use said state information to produce said first and second 
results and perform said operation. 

90. A system for facilitating a non-invasive interface to a network comprising: 

a router coupled with said network and operative to route a first packet 
from a first source to a first destination; and 

a packet processor coupled with said router and operative to receive said 
first packet from said first source and process said first packet prior to routing by 
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said router, said packet processor including: 

a rule set comprising first, second and third rules; 

first logic operative to analyze a header layer of said first packet 
according to said first rule; 

second logic operative to analyze a dynamically specified portion of 
said application data layer of said first packet according to said second rule; 

third logic operative to perform a function on said first packet 
according to said third rule; and 

an external interface operative to transparently couple a first 
external device to said packet processor. 

91. The system of Claim 90, wherein said function comprises forwarding a copy of 
said first packet to said first external device. 

92. The system of Claim 91, wherein said function further comprises forwarding said 
first packet to said router. 

93. The system of Claim 92, wherein said forwarding is in response to a command 
from said first external device. 

94. The system of Claim 91, wherein said function further comprises deleting said 
first packet. 

95. The system of Claim 94, wherein said deleting is in response to a command from 
said first external device. 

96. The system of Claim 90, wherein said function comprises forwarding said first 
packet to said router. 

97. The system of Claim 90, wherein said function further comprises storing 
information about said first packet. 

98. The system of Claim 97, wherein said packet processor is further operative to 
receive a second packet from said first destination for routing to said first source 
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and process said second packet prior to routing by said router, at least one of said 
first, second and third rules being based on said stored information. 

99. The system of Claim 90, wherein said function comprises deleting said first 
packet. 

100. The system of Claim 90, wherein said function comprises modifying said first 
packet and forwarding said modified first packet to said router. 

101. The system of Claim 100, wherein said function further comprises adapting a 
content of said application data layer. 

1 02. The system of Claim 90, wherein said packet processor further comprises an 
external packet receiver operative to receive a second packet generated by said 
first external device and forward said second packet to said router. 

103. The system of Claim 90, wherein said function comprises formulating a response 
packet to said first packet and forwarding said response packet to said router for 
routing to said first source. 

104. The system of Claim 90, wherein said rule set is operative to be modified by said 
first external device. 

105. The system of Claim 90, wherein said first packet is allowed to be received by said 
router in parallel with said reception by said packet processor and wherein said 
function further comprises preventing said routing of said first packet. 

106. The system of Claim 90, wherein said packet processor is characterized by a first 
latency and said router is characterized by a second latency, said system latency 
being substantially equivalent to the sum of said first and second latencies and 
wherein said external device is characterized by a third latency, said system 
latency being unaffected by said third latency. 
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107. The system of Claim 90, wherein said external interface is operative to couple one 
or more of said external devices with said packet processor in parallel with the 
others of said one or more of said external devices. 

108. An edge server coupled between a point-of-presence ("POP") and a network and 
operative to monitor a network traffic stream passing between said POP and said 
network, said edge server comprising: 

a traffic interceptor operative to selectively intercept said network traffic 
stream between said POP and said network prior to said network traffic stream 
reaching its intended destination; and 

a traffic modifier operative to modify said selectively intercepted traffic 
and reinsert said modified selectively intercepted traffic into said work. 

109. The edge server of Claim 108, wherein said network traffic stream comprises a 
plurality of packets, said traffic interceptor being further operative to selectively 
intercept at least one of said plurality of packets. 

110. The edge server of Claim 108, wherein said network is characterized by a 
transmission rate, said edge server capable of operating at least at said 
transmission rate. 

111. The edge server of Claim 1 08, wherein said network traffic stream comprises a bi- 
directional network traffic stream, said traffic interceptor further operative to 
selectively intercept said bi-directional network traffic stream. 
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